A Virtual Private Network (VPN) securely connects multiple customer sites that are possibly geographically spread out and wish to communicate among each other. Frequently, such a network provides a pre-specified Quality of Service assurance (a Service Level Agreement—SLA) in the form of expected loss rates and delays. A service provider provisions the network to ensure that the SLAs for an admitted VPN are met based on information provided by the VPN customer. The QoS achievable for a given VPN is influenced by the way customer sites are inter-connected by the provider. The most straightforward solution is to have a mesh of point-to-point links connecting customer sites. A more efficient and scalable solution would be to multiplex multiple VPN customers on a common core network that incorporates mechanisms to maintain an individual VPN's QoS through mechanisms of admission control, queuing and scheduling. While this option is far more scalable, the question of providing per-VPN QoS becomes harder. When aggregates from different VPN customers are multiplexed, the traffic distortions introduced are not easily quantified. These distortions can severely degrade the quality of service. However, with appropriate admission control mechanisms at the entry of the network combined with a core network capacity adjustment mechanism, the provider can meet the QoS requirements with much flexibility.
Therefore, a need exists for a method and apparatus to effectively support admission control and core network resource allocation of a customer VPN in a service provider network.